期刊名称:Journal of Information Technology Theory and Application (JITTA)
印刷版ISSN:1532-4516
出版年度:2016
卷号:17
期号:3
页码:3
出版社:Association for Information Systems
摘要:Information security risk management (ISRM) methods aim to protect organizational information infrastructure from a range of security threats by using the most effective and cost-efficient means. We reviewed the literature and found three common deficiencies in ISRM practice: 1) information security risk identification is commonly perfunctory, 2) information security risks are commonly estimated with little reference to the organization’s actual situation, and 3) information security risk assessment is commonly performed on an intermittent, non-historical basis. These deficiencies indicate that, despite implementing ISRM best-practice, organizations are likely to have inadequate situation awareness (SA) regarding their information security risk environments. This paper presents a management system design that organizations can use to support SA in their ISRM efforts.
Loading...
